
**************************
rotate_tunnel_access_token
**************************



.. py:method:: IoTSecureTunneling.Client.rotate_tunnel_access_token(**kwargs)

  

  Revokes the current client access token (CAT) and returns a new CAT for clients to use when reconnecting to secure tunneling to access the same tunnel.

   

  Requires permission to access the `RotateTunnelAccessToken <https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions>`__ action.

   

  .. note::

    

    Rotating the CAT doesn't extend the tunnel duration. For example, say the tunnel duration is 12 hours and the tunnel has already been open for 4 hours. When you rotate the access tokens, the new tokens that are generated can only be used for the remaining 8 hours.

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/iotsecuretunneling-2018-10-05/RotateTunnelAccessToken>`_  


  **Request Syntax**
  ::

    response = client.rotate_tunnel_access_token(
        tunnelId='string',
        clientMode='SOURCE'|'DESTINATION'|'ALL',
        destinationConfig={
            'thingName': 'string',
            'services': [
                'string',
            ]
        }
    )
    
  :type tunnelId: string
  :param tunnelId: **[REQUIRED]** 

    The tunnel for which you want to rotate the access tokens.

    

  
  :type clientMode: string
  :param clientMode: **[REQUIRED]** 

    The mode of the client that will use the client token, which can be either the source or destination, or both source and destination.

    

  
  :type destinationConfig: dict
  :param destinationConfig: 

    The destination configuration.

    

  
    - **thingName** *(string) --* 

      The name of the IoT thing to which you want to connect.

      

    
    - **services** *(list) --* **[REQUIRED]** 

      A list of service names that identify the target application. The IoT client running on the destination device reads this value and uses it to look up a port or an IP address and a port. The IoT client instantiates the local proxy, which uses this information to connect to the destination application.

      

    
      - *(string) --* 

      
  
  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'tunnelArn': 'string',
          'sourceAccessToken': 'string',
          'destinationAccessToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **tunnelArn** *(string) --* 

        The Amazon Resource Name for the tunnel.

        
      

      - **sourceAccessToken** *(string) --* 

        The client access token that the source local proxy uses to connect to IoT Secure Tunneling.

        
      

      - **destinationAccessToken** *(string) --* 

        The client access token that the destination local proxy uses to connect to IoT Secure Tunneling.

        
  
  **Exceptions**
  
  *   :py:class:`IoTSecureTunneling.Client.exceptions.ResourceNotFoundException`
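
One way to wrap this call so that the returned CATs stay out of logs and a missing tunnel is handled, as an added example that is not part of the boto3 documentation. The helper names ``rotate_cat`` and ``fingerprint`` and the shape of the log record are assumptions made for illustration; only ``rotate_tunnel_access_token``, its parameters, its response keys and ``ResourceNotFoundException`` come from this page.

```python
import hashlib
import sys

VALID_MODES = ("SOURCE", "DESTINATION", "ALL")
TOKEN_KEYS = ("sourceAccessToken", "destinationAccessToken")


def fingerprint(token):
    """Truncated SHA-256 of a CAT: loggable, and not usable to connect."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def rotate_cat(client, tunnel_id, client_mode, thing_name=None, services=None):
    """Rotate the CAT(s) for one tunnel and return (tokens, log_record).

    tokens holds the new secrets for hand-off to the local proxies, or None
    if the tunnel does not exist; log_record never contains a token value.
    (Hypothetical helper, not a boto3 API.)
    """
    if client_mode not in VALID_MODES:
        raise ValueError(f"clientMode must be one of {VALID_MODES}")
    kwargs = {"tunnelId": tunnel_id, "clientMode": client_mode}
    if thing_name is not None or services is not None:
        if not services:  # 'services' is required inside destinationConfig
            raise ValueError("destinationConfig requires 'services'")
        kwargs["destinationConfig"] = {"services": list(services)}
        if thing_name is not None:
            kwargs["destinationConfig"]["thingName"] = thing_name
    try:
        resp = client.rotate_tunnel_access_token(**kwargs)
    except client.exceptions.ResourceNotFoundException:
        return None, {"tunnelId": tunnel_id, "status": "not_found"}
    # Keep only the tokens actually present in the response.
    tokens = {k: resp[k] for k in TOKEN_KEYS if resp.get(k)}
    record = {
        "tunnelId": tunnel_id,
        "tunnelArn": resp.get("tunnelArn"),
        "clientMode": client_mode,
        "status": "rotated",
        "fingerprints": {k: fingerprint(v) for k, v in tokens.items()},
    }
    return tokens, record


if __name__ == "__main__":
    import boto3  # imported here so the helper itself has no AWS dependency

    # Usage: python rotate_cat.py <tunnel-id> <SOURCE|DESTINATION|ALL>
    _, record = rotate_cat(boto3.client("iotsecuretunneling"), sys.argv[1], sys.argv[2])
    print(record)  # tokens are deliberately not printed
```

Because the call revokes the current CAT, deliver the returned tokens to the local proxies over a protected channel before they attempt to reconnect.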

  